pkgsrc change: adapt to splitting up of speex
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2015-001: File descriptor leak when incompatible codecs are offered
Asterisk may be configured to only allow specific audio or
video codecs to be used when communicating with a
particular endpoint. When an endpoint sends an SDP offer
that only lists codecs not allowed by Asterisk, the offer
is rejected. However, in this case, RTP ports that are
allocated in the process are not reclaimed.
This issue only affects the PJSIP channel driver in
Asterisk. Users of the chan_sip channel driver are not
affected.
* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
CVE-2014-8150 reported an HTTP request injection
vulnerability in libcURL. Asterisk uses libcURL in its
func_curl.so module (the CURL() dialplan function), as well
as its res_config_curl.so (cURL realtime backend) modules.
Since Asterisk may be configured to allow for user-supplied
URLs to be passed to libcURL, it is possible that an
attacker could use Asterisk as an attack vector to inject
unauthorized HTTP requests if the version of libcURL
installed on the Asterisk server is affected by
CVE-2014-8150.
For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2015-002.pdf
Thank you for your continued support of Asterisk!
This update is just to accomodate the speex splitup.
Note that Asterisk 10.x is dead upstream and should not be used
anymore. This package will be removed at some point.
pkgsrc change: adapt to splitting up of speex
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2015-001: File descriptor leak when incompatible codecs are offered
Asterisk may be configured to only allow specific audio or
video codecs to be used when communicating with a
particular endpoint. When an endpoint sends an SDP offer
that only lists codecs not allowed by Asterisk, the offer
is rejected. However, in this case, RTP ports that are
allocated in the process are not reclaimed.
This issue only affects the PJSIP channel driver in
Asterisk. Users of the chan_sip channel driver are not
affected.
* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
CVE-2014-8150 reported an HTTP request injection
vulnerability in libcURL. Asterisk uses libcURL in its
func_curl.so module (the CURL() dialplan function), as well
as its res_config_curl.so (cURL realtime backend) modules.
Since Asterisk may be configured to allow for user-supplied
URLs to be passed to libcURL, it is possible that an
attacker could use Asterisk as an attack vector to inject
unauthorized HTTP requests if the version of libcURL
installed on the Asterisk server is affected by
CVE-2014-8150.
For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2015-002.pdf
Thank you for your continued support of Asterisk!
0.35 (07/20/2014)
(ms) Fix for [rt.cpan.org #97322], now rounding results to cope with
floating point inaccuracies in rrdtool. Reported by Andreas König.
0.34 (06/26/2014)
(ms) Added disable_rrdtool_tag option as suggested by Sun Guonian.
0.33 (07/08/2013)
(ms) Florian Eckert reported that graph() modified 2nd level
entries of the options array passed to it. Used Storable::clone
in OO.pm to make a deep copy first.
0.32 (03/06/2012)
(ms) [rt.cpan.org #63351] Applied modified patch by Jonas Wagner to
fix stacked graphs with no legend.
(ms) Implements RRDs::xport and returns a Perl structure instead of
basic xport array (Remi Ferrand, Fabien Wernli).
New in 1.5
* cabextract replaces bad Unicode characters in filenames with the
standard Unicode replacement character
* wince_rename now puts files under the correct installation path
* Several crashes and hangs were found by Debian project members
using the afl (American fuzzy lop) tool to generate corrupt
cabinet files. These crashes and hangs have been fixed.
Updated devel/p5-Exporter-Tiny to 0.043.01
Updated devel/p5-ExtUtils-Command to 1.20
Updated devel/p5-ExtUtils-CppGuess to 0.08
Updated devel/p5-ExtUtils-Helpers to 0.022
Updated devel/p5-ExtUtils-ModuleMaker to 0.52
Updated devel/p5-ExtUtils-ModuleMaker-TT to 0.94
Updated devel/p5-ExtUtils-XSpp to 0.18
pkglint warns
WARN: Makefile:3: The package is being downgraded from 0.1602 to 0.18.
should look PKGNAME instead of DISTNAME ?
----------------------
0.18 Wed Sep 18 10:00:00 CEST 2013
- Upgrade to stable release.
0.17_02 Wed Aug 28 22:35:02 CEST 2013
- Fixed getters for typemaps using %output_list annotation.
0.17_01 Sat Aug 10 08:20:11 CEST 2013
- Added standard XS typemap for objects (disabled by default for
backwards compatibility).x
- Allow specifying XS typemap code in the XS++ typemap declaration.
- Generate accessors for member variables.
- Handle multiple function/method annotations (used by plugins).
- Updated plugin interface (should be backwards-compatible).
0.1700 Sun Feb 10 12:00:00 CET 2013
- %alias feature for aliasing XS++ wrappers.
0.1603 Fri Dec 28 12:03:09 CEST 2012
- Fix blead-perl warning about unescaped { in regexps.
- Use ExtUtils::Typemaps instead of ExtUtils::Typemap (which
had to be renamed).
- Somewhat improved examples.
--------------
0.52 July 4, 2014
Move version control from Subversion to git. Establish development
repository at https://github.com/jkeenan/extutils-modulemaker. Adapt
code to prevent warnings to be added in Perl 5.22.
---------------
0.022 2014-03-07 13:27:09CET+0100 Europe/Amsterdam
Cleaned up remains of former functions
Skip IO layers on <5.8 for 5.6 compatability
Don't swallow pl2bat exceptions
-------------------------------
0.280220 - 2014-09-27
Fixed:
- Added missing 'use Config' from 'android.pm' (thanks Debian community)
0.280219 - 2014-09-01
Fixed:
- Fixed regression on Android (thanks to Brian Fraser)
0.280218 - 2014-09-01
Fixed:
- Mispelled 'starup' key in BCC support was fixed. #79574
- Fixed the version in the PM file (thanks to Jim Keenan)
0.280217 - 2014-08-22
Fixed:
- Quoted perl path for Windows support #98245 [Alberto Simoes]
All backends have been changed to use the MC asm printer and support for the non MC one has been removed.
Clang can now successfully self-host itself on Linux/Sparc64 and on FreeBSD/Sparc64.
LLVM now assumes the assembler supports .loc for generating debug line numbers. The old support for printing the debug line info directly was only used by llc and has been removed.
All inline assembly is parsed by the integrated assembler when it is enabled. Previously this was only the case for object-file output. It is now the case for assembly output as well. The integrated assembler can be disabled with the -no-integrated-as option.
llvm-ar now handles IR files like regular object files. In particular, a regular symbol table is created for symbols defined in IR files, including those in file scope inline assembly.
LLVM now always uses cfi directives for producing most stack unwinding information.
The prefix for loop vectorizer hint metadata has been changed from llvm.vectorizer to llvm.loop.vectorize. In addition, llvm.vectorizer.unroll metadata has been renamed llvm.loop.interleave.count.
Some backends previously implemented Atomic NAND(x,y) as x & ~y. Now all backends implement it as ~(x & y), matching the semantics of GCC 4.4 and later.
Release 4.1.1 - 2015-01-29
--------------------------
Improvements
^^^^^^^^^^^^
* [windows] Improved to show error message instead of
error code. It's easy to understand.
* [experimental][windows] Supported small start file size for database file.
In previous versions, Groonga consumed larger initial file
size on windows in contrast to UNIX like environment.
To enable this feature, use ``GRN_IO_VERSION=1`` environment
variable. This feature isn't enabled by default because it is in experimental stage.
* Supported ``SUM``, ``MIN``, ``MAX``, ``AVG`` feature for drilldown.
This feature is supported by extending newer drilldown syntax which supports label.
Specify ``SUM``, ``MIN``, ``MAX`` or ``AVG`` for :ref:`select-drilldown-calc-types`
and target column for :ref:`select-drilldown-calc-target`.
The return value is calculated based on drilldown result in group.
* [experimental] Added ``--with-jemalloc`` option to use ``jemalloc`` for ``malloc()/free()``.
It'll improve performance on multi-threading usage. For example, the performance
of :doc:`/reference/executables/groonga` or `Mroonga <http://mroonga.org/>`__ will be improved.
Note that this feature doesn't affect to :doc:`/reference/executables/groonga-httpd` because
groonga-httpd uses multi-process model instead of multi-threading.
* groonga-httpd: Supported long error message over 2048 bytes.
By this change, long error message (>2048) is not truncated.
* groonga-httpd: Supported streaming dump functionality.
Fixes
^^^^^
* Fixed mismatch between error code and error message when
``strerror()`` is failed. There was a case that Groonga shows
incorrect error code as syscall error.
* Fixed to show errno in error message when unknow error is occurred.
* [windows] Fixed to return proper error code.
* Fixed a bug that there is only one section for multi-column index for
:ref:`select-match-columns`, it doesn't return correct search results.
For example, consider the case that there is multi-column index which is
named as ``memo_index`` for ``title`` column and ``content`` column.
Thus, this bug occurs when ``memo_index[0]`` which means index
for ``title`` column is specified for :ref:`select-match-columns`.
* mecab: Added workaround for ``mecab_strerror(NULL)`` on MeCab 0.993.
Without this workaround, Groonga aborts if there is no MeCab
dictionary. [Reported by Shuhei Tanuma]
* groonga-httpd: Fixed a bug that custom log file is ignored.
* groonga-httpd: Fixed a bug that empty dump doesn't return.
Thanks
^^^^^^
* Shuhei Tanuma
New xkeyboard-config release is out:
Andreas Wettstein (1):
Add oe ligature to Swiss keyboard layout, replacing oslash.
Changwoo Ryu (1):
update Korean
Julien Cristau (1):
fujitsu_vndr: add a name to xkb_symbols sections
Michael Witten (1):
README: Clean up grammar/formatting, and mention bugzilla
Peter Hutterer (2):
rules: improve documentation for numpad:microsoft
symbols/il: add HOLAM HASER FOR VAV on shift+5 to il(biblical)
Ran Benita (3):
symbols/macintosh_vndr: add some "default" annotations
macintosh_vndr/us: include "keypad(overlay)" explicitly
symbols/keypad: move the default map to be the first in the file
Sergey Udaltsov (9):
Added Russian AZERTY phonetic variants
Added de(pl) option
Fixng the ISO 639-2 Code for the Uyghur keyboard layout [cn (ug)]
Removing compose(ralt)
Prerelease 2.13.99
support for arabic macintosh
Typo fixed, closing tag
Prerelease translation sync
Release 2.14
Viatcheslav Kileev (1):
symbols/ru: remove non-Mari letters from Mari layout and add the missing one
